In a data processing system, it is necessary to make sure that only authorized users have access to system resources. Normally not all the users can have access to all the resources or to the same resources. It is known to create user profiles associated with a predetermined set of authorizations. Access to software and hardware resources is generally controlled by security software which grants or prevents access based on two main access control themes: authentication and authorization. Authentication verifies whether or not a person is who he claims to be, through checking userID/password combinations or similar methods. When a user fails authentication checks, he is generally prevented from accessing any of the systems. When a user is authenticated, then the user may access a pre-determined subset of the system resources, based on authorization rights. Authorization defines what an authenticated user is allowed to do in a system. Authorization may define tasks that a user is allowed to execute, it may define a subset of resources that a user may work with, or it may be a combination of the two. For better security, the system may request that a user modify the password in use after a predetermined period of time and require the password to be significantly different from the last few passwords used by the same user.